W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

OAuth and HTTP caching

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Mon, 21 Sep 2009 14:15:04 -0700
To: "oauth@ietf.org" <oauth@ietf.org>
CC: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343784D58490@P3PW5EX1MB01.EX1.SECURESERVER.NET>
As currently written, OAuth use of the HTTP authentication headers is optional at best.

The reason for that was based on concerns that some platforms do not provide access to the HTTP header in either the request or the reply. However, this might have significant ramifications on caching and other parts of HTTP where an indication of an authenticate interaction is needed.

Before the OAuth WG spends any time on discussing the various methods of sending authentication parameters, I would like to find out if using the authentication headers is more of a requirement for such a protocol.

EHL 
Received on Monday, 21 September 2009 21:15:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:10 GMT